First published: Wed Dec 27 2017(Updated: )
Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Network Security Services | ||
IBM Cognos Analytics | <=12.0.0-12.0.3 | |
IBM Cognos Analytics | <=11.2.0-11.2.4 FP4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-11698 is a vulnerability in Mozilla Network Security Services (NSS) that allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
CVE-2017-11698 has a severity rating of 7.8 (high).
CVE-2017-11698 manifests as a heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c.
Mozilla Network Security Services (NSS) is affected by CVE-2017-11698.
CVE-2017-11698 can be exploited by using a crafted cert8.db file.